In 2025, phishing continues to dominate global cybercrime. During Q1, the APWG registered 1,003,924 phishing incidents, the highest since late 2023. Compared to 2023, weekly phishing volumes are up 180%, and the spread of infostealers through phishing emails jumped 84% in 2024.
The message is clear: phishing has become a primary pathway to credential leaks, account compromise, and operational disruption. Atlaslive’s Maksym Shapoval, Information Security Lead, outlines the latest threat patterns and ways companies can respond.
Why Phishing Persists
Phishing’s power lies in its simplicity. By posing as trusted senders, attackers lure users into sharing passwords, card details, or private data. Messages now arrive not just via email but also by SMS (“smishing”) and phone (“vishing”), often mimicking corporate communications almost perfectly.
High-Profile Cases This Summer
Recent months brought several notable examples:
- Google — A Salesforce CRM phishing chain resulted in exposed data.
- Cisco — Targeted through vishing, leading to compromised client systems.
- Booking — Ongoing phishing campaigns stretching back to 2024.
- UK Tax Authority — A massive attack stole £47 million from 100,000 victims.
These show that phishing cuts across industries and geographies.
iGaming Targeted
The iGaming sector also faced a major hit in July 2025, when one of the world’s largest betting companies reported that 800,000 user accounts had been exposed. Records included IP addresses, emails, and activity logs—data attackers can easily reuse for precision phishing.
“The incident underscores why iGaming platforms are prime targets,” says Maksym Shapoval, Information Security Lead at Atlaslive. “They operate entirely online, process constant financial transactions, and handle vast volumes of personal data. The risks of social engineering attacks in this industry are significant.”
Even in the absence of leaked payment data, personal records can fuel damaging secondary attacks.
How to Defend Against Phishing
Phishing thrives on human error, so defenses must combine technology, training, and governance. Atlaslive recommends:
- Access Controls — Use 2FA everywhere, apply least privilege, segment networks, and run frequent audits.
- Email Security — Protect with DMARC, DKIM, and SPF; watch for lookalike domains; flag external mail.
- Device Security — Manage devices with MDM/EDR tools and track browsing activity.
- Incident Response — Provide a clear reporting line, maintain runbooks, and communicate with staff quickly.
- Training — Run simulations and awareness sessions to reduce risky clicks.
- Governance — Audit security posture regularly and embed phishing defense into company policy.
These overlapping controls help reduce both the likelihood and the fallout of attacks.
Conclusion
Phishing remained at the center of major breaches this summer, from global tech leaders to regulators and iGaming platforms. Attacks are more targeted, sophisticated, and damaging than ever.
For organizations dealing with sensitive data and transactions, a layered approach to phishing defense is no longer optional — it’s essential. Those that invest in resilience today will be the ones able to safeguard trust, protect customer data, and sustain long-term growth.
